[Tails-dev] Tor Browser self-updater vs. sandboxing

Delete this message

Reply to this message
Author: intrigeri
Date:  
To: tbb-dev
CC: freepto, tails-dev
Subject: [Tails-dev] Tor Browser self-updater vs. sandboxing
Hi,

while discussing opportunities for increased cooperation between Tails
and Freepto [1] recently, I've mentioned the upcoming Tor Browser's
self-updater, and one of the Freepto developers rightly noted that
there may be a fundamental incompatibility between this updater, and
the desire to confine the browser in a sandbox. Indeed, it seems quite
clear to me that one of the important tasks such a sandbox should
fulfill would be... to avoid the confined program from
modifying itself.

It seems that supporting such sandboxes is part of your plans ([2],
[3]), so I'm curious: what's the TBB team's take on this problem?

[1] http://www.freepto.mx/
[2] https://trac.torproject.org/projects/tor/wiki/org/sponsors/SponsorP
[3] https://trac.torproject.org/projects/tor/ticket/5791

Cheers,
--
intrigeri